feat: user service

2026-04-10 19:05:02 +02:00
parent 710bad712e
commit 23ffcb7535
140 changed files with 33418 additions and 952 deletions
@@ -0,0 +1,86 @@
+package gatewayauthsessionuser_test
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGatewayAuthsessionUserFirstRegistrationCreatesUserAndAllowsAccountRead(t *testing.T) {
+	h := newGatewayAuthsessionUserHarness(t)
+
+	const email = "created@example.com"
+
+	challengeID := h.sendChallenge(t, email)
+	code := lastMailCodeFor(t, h.mailStub, email)
+	clientPrivateKey := newClientPrivateKey("first-registration")
+
+	confirmResponse := h.confirmCode(t, challengeID, code, clientPrivateKey)
+	var confirmBody struct {
+		DeviceSessionID string `json:"device_session_id"`
+	}
+	requireJSONStatus(t, confirmResponse, http.StatusOK, &confirmBody)
+	require.True(t, strings.HasPrefix(confirmBody.DeviceSessionID, "device-session-"))
+
+	sessionRecord := h.waitForGatewaySession(t, confirmBody.DeviceSessionID)
+	accountResponse := h.executeGetMyAccount(t, confirmBody.DeviceSessionID, "request-first-registration", clientPrivateKey)
+
+	require.Equal(t, sessionRecord.UserID, accountResponse.Account.UserID)
+	require.Equal(t, email, accountResponse.Account.Email)
+	require.Equal(t, "en", accountResponse.Account.PreferredLanguage)
+	require.Equal(t, gatewayAuthsessionUserTestTimeZone, accountResponse.Account.TimeZone)
+
+	lookupResponse, lookup := h.lookupUserByEmail(t, email)
+	require.Equalf(t, http.StatusOK, lookupResponse.StatusCode, "status=%d body=%s", lookupResponse.StatusCode, lookupResponse.Body)
+	require.Equal(t, accountResponse.Account.UserID, lookup.User.UserID)
+}
+
+func TestGatewayAuthsessionUserExistingAccountKeepsCreateOnlySettings(t *testing.T) {
+	h := newGatewayAuthsessionUserHarness(t)
+
+	const email = "existing@example.com"
+
+	created := h.ensureUser(t, email, "fr-FR", "Europe/Paris")
+	require.Equal(t, "created", created.Outcome)
+
+	challengeID := h.sendChallenge(t, email)
+	code := lastMailCodeFor(t, h.mailStub, email)
+	clientPrivateKey := newClientPrivateKey("existing-account")
+
+	confirmResponse := h.confirmCode(t, challengeID, code, clientPrivateKey)
+	var confirmBody struct {
+		DeviceSessionID string `json:"device_session_id"`
+	}
+	requireJSONStatus(t, confirmResponse, http.StatusOK, &confirmBody)
+
+	accountResponse := h.executeGetMyAccount(t, confirmBody.DeviceSessionID, "request-existing-account", clientPrivateKey)
+	require.Equal(t, created.UserID, accountResponse.Account.UserID)
+	require.Equal(t, "fr-FR", accountResponse.Account.PreferredLanguage)
+	require.Equal(t, "Europe/Paris", accountResponse.Account.TimeZone)
+}
+
+func TestGatewayAuthsessionUserBlockedEmailAndUserBehavior(t *testing.T) {
+	h := newGatewayAuthsessionUserHarness(t)
+
+	blockedAtSendEmail := "blocked-send@example.com"
+	h.blockByEmail(t, blockedAtSendEmail)
+
+	beforeBlockedSendDeliveries := len(h.mailStub.RecordedDeliveries())
+	blockedChallengeID := h.sendChallenge(t, blockedAtSendEmail)
+	require.NotEmpty(t, blockedChallengeID)
+	require.Len(t, h.mailStub.RecordedDeliveries(), beforeBlockedSendDeliveries)
+
+	blockedAtConfirmEmail := "blocked-confirm@example.com"
+	challengeID := h.sendChallenge(t, blockedAtConfirmEmail)
+	code := lastMailCodeFor(t, h.mailStub, blockedAtConfirmEmail)
+	h.blockByEmail(t, blockedAtConfirmEmail)
+
+	confirmResponse := h.confirmCode(t, challengeID, code, newClientPrivateKey("blocked-confirm"))
+	require.Equal(t, http.StatusForbidden, confirmResponse.StatusCode)
+	require.JSONEq(t, `{"error":{"code":"blocked_by_policy","message":"authentication is blocked by policy"}}`, confirmResponse.Body)
+
+	lookupResponse, _ := h.lookupUserByEmail(t, blockedAtConfirmEmail)
+	requireLookupNotFound(t, lookupResponse)
+}